:OTL
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SRV:[b]64bit:[/b] - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV:[b]64bit:[/b] - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/10 16:50:16 | 000,000,000 | ---D | M]
[2012/07/10 16:50:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
CHR - Extension: avast! WebRep = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O29:[b]64bit:[/b] - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:[b]64bit:[/b] - HKLM SecurityProviders - (digest.dll) - File not found
O29:[b]64bit:[/b] - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
[2012/07/10 16:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/10 16:50:35 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/10 16:50:34 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/10 16:50:31 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/10 16:50:30 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/10 16:50:29 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/10 16:50:25 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/10 16:50:25 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/10 16:50:11 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/10 16:50:10 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/10 16:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/10 16:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/10 08:44:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/10 08:44:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/10 08:44:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/10 07:48:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 07:47:15 | 004,575,265 | R--- | C] (Swearware) -- C:\Users\Terry\Desktop\ComboFix.exe
[2012/07/09 20:52:56 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/09 01:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/08 18:43:08 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\NPE
[2012/05/14 00:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/07/10 16:50:36 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/10 16:50:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/10 08:44:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/10 08:44:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/10 08:44:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/10 08:44:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/10 08:44:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/08 08:01:51 | 001,415,784 | ---- | C] () -- C:\Users\Terry\Desktop\yorkyt.exe
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

:Files
C:\Users\Terry\Downloads\InstallRARFileOpenKnife.exe
C:\Users\Terry\Downloads\jZipV1.exe
C:\Users\Terry\Downloads\winamp5623_full_emusic-7plus_en-us.exe
C:\Program Files\AVAST Software

:Reg

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[REBOOT]